@@ -44,7 +44,7 @@ discard block |
||
44 | 44 | $msg = Str::substr($data, $isz + $hsz + $tsz + 4); |
45 | 45 | |
46 | 46 | // Calculate verification checksum |
47 | - $chk = \hash_hmac($algo, ($msg . $itr . $ivr), $pass, true); |
|
47 | + $chk = \hash_hmac($algo, ($msg.$itr.$ivr), $pass, true); |
|
48 | 48 | |
49 | 49 | // Verify HMAC before decrypting |
50 | 50 | if (!Str::equal($chk, $sum)) { |
@@ -55,7 +55,7 @@ discard block |
||
55 | 55 | $cost = \unpack('N', $itr ^ \hash_hmac($algo, $ivr, $pass, true))[1]; |
56 | 56 | |
57 | 57 | // Derive key from password |
58 | - $key = \hash_pbkdf2($algo, ($pass . $cipher), $ivr, $cost, 0, true); |
|
58 | + $key = \hash_pbkdf2($algo, ($pass.$cipher), $ivr, $cost, 0, true); |
|
59 | 59 | |
60 | 60 | // Decrypt message and return |
61 | 61 | return parent::openssl_decrypt($msg, $cipher, $key, $ivr, $tag); |
@@ -68,7 +68,7 @@ discard block |
||
68 | 68 | |
69 | 69 | // Derive key from password with hash_pbkdf2 function. |
70 | 70 | // Append CIPHER to password beforehand so that cross-method decryptions will fail at checksum step |
71 | - $key = \hash_pbkdf2($algo, ($pass . $cipher), $ivr, $cost, 0, true); |
|
71 | + $key = \hash_pbkdf2($algo, ($pass.$cipher), $ivr, $cost, 0, true); |
|
72 | 72 | |
73 | 73 | // Create a placeholder for the authentication tag to be passed by reference |
74 | 74 | $tag = ''; |
@@ -80,9 +80,9 @@ discard block |
||
80 | 80 | $itr = \pack('N', $cost) ^ \hash_hmac($algo, $ivr, $pass, true); |
81 | 81 | |
82 | 82 | // Generate the ciphertext checksum to prevent bit tampering |
83 | - $chk = \hash_hmac($algo, ($msg . $itr . $ivr), $pass, true); |
|
83 | + $chk = \hash_hmac($algo, ($msg.$itr.$ivr), $pass, true); |
|
84 | 84 | |
85 | 85 | // Return iv + checksum + iterations + cyphertext + tag |
86 | - return $ivr . $chk . $tag . $itr . $msg; |
|
86 | + return $ivr.$chk.$tag.$itr.$msg; |
|
87 | 87 | } |
88 | 88 | } |